Hi!

Does anyone here have working inner tunnel proxying with freeradius 2.0.x?

I am still having trouble doing EAP-PEAP-MSCHAPv2 authorization. I switched to 
FreeRadius 2.0.1 from 1.1.7.
What I need: extract the MSCHAPv2 auth from PEAP and proxy the auth to an 
external server which knows nothing about EAP.
All configs are almost the defaults from the distribution. Key changes:

in eap.conf:
peap {
  default_eap_type = mschapv2
  copy_request_to_tunnel = yes
  use_tunneled_reply = yes
  proxy_tunneled_request_as_eap = no
  virtual_server = "proxy-inner-tunnel"
}

proxy-inner-tunnel is taken from the examples, with a modified realm name:

server proxy-inner-tunnel {
    authorize {
        update control {
            Proxy-To-Realm := "xxx"
        }
    }
}

As a result, no proxying is done by freeradius:

  PEAP: Sending tunneled request
        EAP-Message = 0x0206000801616161
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "aaa"
server proxy-inner-tunnel {
Tue Feb  5 14:56:01 2008 : Debug: +- entering group authorize
Tue Feb  5 14:56:01 2008 : Debug: ++[control] returns notfound
} # server proxy-inner-tunnel
  PEAP: Got tunneled reply RADIUS code 0
Tue Feb  5 14:56:01 2008 : Debug:   PEAP: Tunneled authentication will be proxied to xxx
Tue Feb  5 14:56:01 2008 : Debug:   Tunneled session will be proxied.  Not doing EAP.
Tue Feb  5 14:56:01 2008 : Debug:   modsingle[authenticate]: returned from eap (rlm_eap) for request 6
Tue Feb  5 14:56:01 2008 : Debug: ++[eap] returns handled
Tue Feb  5 14:56:01 2008 : Debug: There was no response configured: rejecting request 6
Tue Feb  5 14:56:01 2008 : Debug:   Found Post-Auth-Type Reject
Tue Feb  5 14:56:01 2008 : Debug: +- entering group REJECT
....

--
Best wishes,
Dmitry Sergienko (SDA104-RIPE)
Trifle Co., Ltd.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
